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AMENDMENTS TO THE CLAIMS 

The listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims: 

1 . (Currently Amended) A method comprising: 

encrypting a plurality of non-volatile storage regions, each being encrypted using a 
different encryption key from a set of encryption keys; 

making a first subset of the encryption keys available to a first user thereby 
granting the first user access to a corresponding first subset of non-volatile 
storage regions, the first subset of the encryption keys cons i st i ng of on e including 
a pluralityr^r-aWof the encryption keys; [[and]] 

making a second subset of the encryption keys available to a second user thereby 
granting the second user access to a corresponding second subset of non- 
volatile storage regions, the second subset cons i st i ng of on e , of the encryption 
kevs including a plurality , or a ll of the encryption keys[[.]]; 

generating a first private-public encryption key pair and a second private-public 
encryption key pair; 

making the first private key available only to the first user and the second private 
key available only to the second user; and 

encrypting the first subset of the encryption kevs using the first public encryption 
key, and the second subset of the encryption kevs using the second public 
encryption key. 

2. (Canceled) 

3. (Currently Amended) The method of Claim [[2]] 1, further comprising: 
storing the first private key and the second private key in a secure memory unit; 
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protecting access to the first private key with a first authentication token, the first 
authentication token being known only to the first user; and 

protecting access to the second private key with a second authentication token, the 
second authentication token being known only to the second user. 

4. (Original) The method of Claim 3, further comprising: 

requesting an authentication token from a user attempting to access one or more of 
the non-volatile storage regions; 

authenticating the user, if the user's authentication token matches one of the 
authentication tokens used to protect access to one of the private keys; 

decrypting, with the secure encryption module using the authenticated user's 
private key, a corresponding subset of encryption keys, in response to 
authenticating the user; and 

decrypting a corresponding subset of non-volatile storage regions, thereby making 
the corresponding subset of non-volatile storage regions available to the 
authenticated user. 

5. (Original) The method of Claim 3, wherein the authentication tokens are selected 
from the group consisting of: passwords, fingerprints signatures, voice signatures, 
retina signatures, and secure access devices. 

6. (Original) The method of Claim 4, wherein the encrypting and decrypting the 
plurality of non-volatile storage regions are performed using full-disk encryption 
software. 

7. (Original) The method of Claim 1 , wherein one of the non-volatile storage regions 
is adapted to store an operating system and data common to the first user and to the 
second user. 
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8. (Original) The method of Claim 1 , wherein one of the non-volatile storage regions 
is adapted to store user-specific data of the first user. 

9. (Original) The method of Claim 1 , wherein one of the non-volatile storage regions 
is adapted to store user-specific data of the second user. 

10. (Original) The method of Claim 1, wherein the non-volatile storage regions are 
chosen from the group consisting of: volumes, disks, partitions, and 
folders/directories. 

1 1 . (Currently Amended) An apparatus comprising: 
one or more processors; 

a memory accessible by the one or more processors; 

a plurality of non-volatile storage regions accessible by the one or more 
processors; 

an encryption unit adapted to encrypt the plurality of non-volatile storage regions, 
each with a different encryption key selected from a set of encryption keys; 

wherein a first subset of the encryption keys is made available to a first user 
thereby granting the first user access to a corresponding first subset of non- 
volatile storage regions, the first subset of the encryption keys cons i st i ng of 
efler including a plurality , or a l l of the encryption keys; and 

wherein a second subset of the encryption keys is made available to a second 
user thereby granting the second user access to a corresponding second 
subset of non-volatile storage regions, the second subset cons i st i ng of on e , of 
the encryption keys including a pluralit y, or a ll of the encryption kevs[[.11 ; and 

a secure encryption module adapted to: 

generate a first private-public encryption key pair and a second private-public 
encryption key pair; 
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make the first private key available only to the first user and the second private 
key available only to the second user; and 

encrypt the first subset of the encryption keys using the first public encryption 
key, and the second subset of the encryption keys using the second public 
encryption key. 

12. (Canceled) 

1 3. (Currently Amended) The apparatus of Claim [[1 2]] Y\_, wherein the secure 
encryption module is further adapted to: 

store the first private key and the second private key; 

protect access to the first private key with a first authentication token, the first 
authentication token being known only to the first user; and 

protect access to the second private key with a second authentication token, the 
second authentication token being known only to the second user. 

14. (Original) The apparatus of Claim 1 3, 

wherein the secure encryption module is further adapted to: 

request an authentication token from a user attempting to access one or more 

of the non-volatile storage regions, 
authenticate the user, if the user's authentication token matches one of the 

authentication tokens used to protect access to one of the private keys, and 
decrypt, using the authenticated user's private key, a corresponding subset of 

encryption keys, in response to authenticating the user, and 

wherein the encryption unit is further adapted to decrypt a corresponding subset of 
non-volatile storage regions, thereby making the corresponding subset of non- 
volatile storage regions available to the authenticated user. 
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15. (Original) The apparatus of Claim 13, wherein the authentication tokens are 
selected from the group consisting of: passwords, fingerprints signatures, voice 
signatures, retina signatures, and secure access devices. 

16. (Original) The apparatus of Claim 14, wherein the encryption unit comprises full- 
disk encryption software. 

1 7. (Original) The apparatus of Claim 1 1 , wherein one of the non-volatile storage 
regions is adapted to store an operating system and data common to the first user 
and to the second user. 

18. (Original) The apparatus of Claim 1 1 , wherein one of the non-volatile storage 
regions is adapted to store user-specific data of the first user. 

1 9. (Original) The apparatus of Claim 1 1 , wherein one of the non-volatile storage 
regions is adapted to store user-specific data of the second user. 

20. (Original) The apparatus of Claim 1 1 , wherein the non-volatile storage regions 
are chosen from the group consisting of: volumes, disks, partitions, and 
folders/directories. 

21 . (Currently Amended) A computer program product stored on a computer 
operable medium, the computer operable medium containing instructions for 
execution by a computer, which, when executed by the computer, cause the 
computer to implement a method comprising: 

m e ans for encrypting a plurality of non-volatile storage regions, each non-volatile 
storage region being encrypted using a different encryption key from a set of 
encryption keys; 

m e ans for making a first subset of the encryption keys available to a first user 
thereby granting the first user access to a corresponding first subset of non- 
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volatile storage regions, the first subset of the encryption keys cons i st i ng of on e , 
including a pluralityr-of-att of the encryption keys; [[and]] 

m e ans for making a second subset of the encryption keys available to a second 
user thereby granting the second user access to a corresponding second subset 
of non-volatile storage regions, the second subset cons i st i ng of on e , of the 
encryption keys including a plurality , or al l of the encryption keys[[.]]; 

generating a first private-public encryption key pair and a second private-public 
encryption key pair; 

making the first private key available only to the first user and the second private 
key available only to the second user; and 

encrypting the first subset of the encryption keys using the first public encryption 
key and the second subset of the encryption keys using the second public 
encryption key. 

22. (Canceled) 

23. (Currently Amended) The computer program product of Claim [[22]] 21, wherein 
the method further compr i s i ng: comprises: 

m e ans for storing the first private key and the second private key; 

m e ans for protecting access to the first private key with a first authentication token, 
the first authentication token being known only to the first user; and 

m e ans for protecting access to the second private key with a second authentication 
token, the second authentication token being known only to the second user. 

24. (Currently Amended) The computer program product of Claim 23, wherein the 
method further compr i s i ng: comprises: 

m e ans for requesting an authentication token from a user attempting to access one 
or more of the non-volatile storage regions; 
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m e ans for authenticating the user, if the user's authentication token matches one of 
the authentication tokens used to protect access to one of the private keys; 

m e ans for decrypting, using the authenticated user's private key, a corresponding 
subset of encryption keys, in response to authenticating the user; and 

m e ans for decrypting a corresponding subset of non-volatile storage regions, 
thereby making the corresponding subset of non-volatile storage regions 
available to the authenticated user. 

25. (Original) The computer program product of Claim 23, wherein the authentication 
tokens are selected from the group consisting of: passwords, fingerprints signatures, 
voice signatures, retina signatures, and secure access devices. 

26. (Currently Amended) The computer program product of Claim 24, wherein the 
m e ans for encrypting and the means for decrypting the plurality of non-volatile 
storage regions compr i sos are performed using full-disk encryption software. 

27. (Original) The computer program product of Claim 21 , wherein one of the non- 
volatile storage regions is adapted to store an operating system and data common to 
the first user and the second user. 

28. (Original) The computer program product of Claim 21 , wherein one of the non- 
volatile storage regions is adapted to store user-specific data of the first user. 

29. (Original) The computer program product of Claim 21 , wherein one of the non- 
volatile storage regions is adapted to store user-specific data of the second user. 

30. (Original) The computer program product of Claim 21 , wherein the non-volatile 
storage regions are chosen from the group consisting of: volumes, disks, partitions, 
and folders/directories. 
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